config_PutPsz: fix potential use-after-free
The new config value is duplicated, and the copy is stored to the configuration. After the configuration R/W lock is released, we have no warranty that another thread does not change the same configuration item, and free our own copy. Admittedly, this is very unlikely. Instead, we can simply pass the original string from the caller to the callback - that one must remain valid through the config_PutPsz() function call by definition. (cherry picked from commit 6b35f6ff)
Showing
Please register or sign in to comment